github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-05-02 21:47:29 +00:00
Code Issues Projects Releases Wiki Activity

osbuilder: fix alpine agent build

Browse Source 
Since we always build musl kata-agent, there is no need to build
it inside a musl container. We can just build on the host and then
copy the binary to the target rootfs.

There are still a lot to clean up and it should be made so for ALL
target distros instead of just alpine. But this is at least working
for alpine first.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Peng Tao 2020-07-20 17:10:01 +08:00
parent 5216815d1c
commit 76c18aa345
14 changed files with 40 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/osbuilder/scripts/install-yq.sh → ci/install_yq.sh Normal file → Executable file
View File

@ -71,4 +71,3 @@ function install_yq() {
} }
install_yq install_yq

2
src/runtime/golang.mk
View File

@ -22,7 +22,7 @@ ifeq (,$(not_check_version))
have_yq=$(shell if [ -x "$(GOPATH)/bin/yq" ]; then echo "true"; else echo ""; fi) have_yq=$(shell if [ -x "$(GOPATH)/bin/yq" ]; then echo "true"; else echo ""; fi)
ifeq (,$(have_yq)) ifeq (,$(have_yq))
$(info INFO: yq was not found, installing it) $(info INFO: yq was not found, installing it)
install_yq=$(shell .ci/install-yq.sh) install_yq=$(shell ../../ci/install_yq.sh)
endif endif
ifneq (,$(install_yq)) ifneq (,$(install_yq))
$(error "ERROR: install yq failed") $(error "ERROR: install yq failed")

4
src/runtime/virtcontainers/pkg/cloud-hypervisor/Makefile
View File

@ -6,7 +6,7 @@
all: | update-yaml generate-client-code all: | update-yaml generate-client-code
MK_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST)))) MK_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
YQ_INSTALLER := "$(MK_DIR)/../../../.ci/install-yq.sh" YQ_INSTALLER := "$(MK_DIR)/../../../../../ci/install_yq.sh"
VERSIONS_FILE := "$(MK_DIR)/../../../../../versions.yaml" VERSIONS_FILE := "$(MK_DIR)/../../../../../versions.yaml"
YQ := $(shell command -v yq 2> /dev/null) YQ := $(shell command -v yq 2> /dev/null)
@ -22,7 +22,7 @@ generate-client-code: clean-generated-code
update-yaml: update-yaml:
ifndef YQ ifndef YQ
$(MK_DIR)/../../../.ci/install-yq.sh $(MK_DIR)/../../../../../ci//install_yq.sh
endif endif
clh_version=$(shell yq r $(VERSIONS_FILE) assets.hypervisor.cloud_hypervisor.version); \ clh_version=$(shell yq r $(VERSIONS_FILE) assets.hypervisor.cloud_hypervisor.version); \
curl -OL https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/$$clh_version/vmm/src/api/openapi/cloud-hypervisor.yaml curl -OL https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/$$clh_version/vmm/src/api/openapi/cloud-hypervisor.yaml

34
tools/osbuilder/rootfs-builder/alpine/Dockerfile.in
View File

@ -3,39 +3,9 @@
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
From docker.io/golang:@GO_VERSION@-alpine From docker.io/alpine:3.11.6
RUN apk update && apk add \ RUN apk update && apk add \
apk-tools-static \
autoconf \
automake \
bash \ bash \
binutils \
cmake \
coreutils \ coreutils \
curl \ binutils
g++ \
gcc \
git \
libc-dev \
libseccomp \
libseccomp-dev \
linux-headers \
m4 \
make \
musl \
musl-dev \
tar \
vim
# alpine doesn't support x86_64-unknown-linux-gnu
# It only support x86_64-unknown-linux-musl. Even worse,
# it doesn't support proc-macro, which is needed for serde_derive
#
# See issue: https://github.com/kata-containers/osbuilder/issues/386
# -- FIXME
#
# Thus, we cannot build rust agent on alpine
# The way to use alpine is to generate rootfs or build
# go agent to get rootfs and then cp rust agent to rootfs.
# pity..
# RUN ln -svf /usr/bin/gcc /bin/musl-gcc; ln -svf /usr/bin/g++ /bin/musl-g++

4
tools/osbuilder/rootfs-builder/alpine/config.sh
View File

@ -13,9 +13,7 @@ BASE_PACKAGES="alpine-base"
# See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt # See a list of mirrors at http://nl.alpinelinux.org/alpine/MIRRORS.txt
MIRROR=http://dl-5.alpinelinux.org/alpine MIRROR=http://dl-5.alpinelinux.org/alpine
# Mandatory Packages that must be installed PACKAGES=""
# - iptables: Need by Kata agent
PACKAGES="iptables"
# Init process must be one of {systemd,kata-agent} # Init process must be one of {systemd,kata-agent}
INIT_PROCESS=kata-agent INIT_PROCESS=kata-agent

15
tools/osbuilder/rootfs-builder/alpine/rootfs_lib.sh
View File

@ -9,8 +9,6 @@
# #
# - Optional environment variables # - Optional environment variables
# #
# EXTRA_PKGS: Variable to add extra PKGS provided by the user
#
# BIN_AGENT: Name of the Kata-Agent binary # BIN_AGENT: Name of the Kata-Agent binary
# #
# Any other configuration variable for a specific distro must be added # Any other configuration variable for a specific distro must be added
@ -24,21 +22,12 @@ build_rootfs() {
# Mandatory # Mandatory
local ROOTFS_DIR=$1 local ROOTFS_DIR=$1
# In case of support EXTRA packages, use it to allow
# users add more packages to the base rootfs
local EXTRA_PKGS=${EXTRA_PKGS:-}
# Populate ROOTFS_DIR # Populate ROOTFS_DIR
check_root check_root
mkdir -p "${ROOTFS_DIR}" mkdir -p "${ROOTFS_DIR}"
/sbin/apk.static \ cp -a -r /bin /etc /lib /sbin /usr /var ${ROOTFS_DIR}
-X ${MIRROR}/${OS_VERSION}/main \ mkdir -p ${ROOTFS_DIR}{/root,/proc,/dev,/home,/media,/mnt,/opt,/run,/srv,/sys,/tmp}
-U \
--allow-untrusted \
--root ${ROOTFS_DIR}\
--initdb add ${BASE_PACKAGES} ${EXTRA_PKGS} ${PACKAGES}
mkdir -p ${ROOTFS_DIR}{/root,/etc/apk,/proc}
echo "${MIRROR}/${OS_VERSION}/main" > ${ROOTFS_DIR}/etc/apk/repositories echo "${MIRROR}/${OS_VERSION}/main" > ${ROOTFS_DIR}/etc/apk/repositories
} }

53
tools/osbuilder/rootfs-builder/rootfs.sh
View File

@ -288,6 +288,7 @@ check_env_variables()
# Builds a rootfs based on the distro name provided as argument # Builds a rootfs based on the distro name provided as argument
build_rootfs_distro() build_rootfs_distro()
{ {
repo_dir="${script_dir}/../../../"
[ -n "${distro}" ] || usage 1 [ -n "${distro}" ] || usage 1
distro_config_dir="${script_dir}/${distro}" distro_config_dir="${script_dir}/${distro}"
@ -346,21 +347,8 @@ build_rootfs_distro()
if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then if [ -z "${USE_DOCKER}" ] && [ -z "${USE_PODMAN}" ]; then
#Generate an error if the local Go version is too old #Generate an error if the local Go version is too old
foundVersion=$(go version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g") echo "build directly"
build_rootfs ${ROOTFS_DIR}
compare_versions "${GO_VERSION}" "${foundVersion}" || \
die "Your Go version ${foundVersion} is older than the minimum expected Go version ${GO_VERSION}"
if [ "${RUST_AGENT}" == "yes" ]; then
source "${HOME}/.cargo/env"
foundVersion=$(rustc --version | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g")
compare_versions "${RUST_VERSION}" "${foundVersion}" || \
die "Your rust version ${foundVersion} is older than the minimum expected rust version ${RUST_VERSION}"
foundVersion=$(cmake --version | grep "[0-9]\+.[0-9]\+.[0-9]\+" | sed -E "s/^.+([0-9]+\.[0-9]+\.[0-9]+).*$/\1/g")
fi
else else
if [ -n "${USE_DOCKER}" ]; then if [ -n "${USE_DOCKER}" ]; then
container_engine="docker" container_engine="docker"
@ -427,19 +415,16 @@ build_rootfs_distro()
--env INSIDE_CONTAINER=1 \ --env INSIDE_CONTAINER=1 \
--env SECCOMP="${SECCOMP}" \ --env SECCOMP="${SECCOMP}" \
--env DEBUG="${DEBUG}" \ --env DEBUG="${DEBUG}" \
--env STAGE_PREPARE_ROOTFS=1 \
--env HOME="/root" \ --env HOME="/root" \
-v "${script_dir}":"/osbuilder" \ -v "${repo_dir}":"/kata-containers" \
-v "${ROOTFS_DIR}":"/rootfs" \ -v "${ROOTFS_DIR}":"/rootfs" \
-v "${script_dir}/../scripts":"/scripts" \ -v "${script_dir}/../scripts":"/scripts" \
-v "${kernel_mod_dir}":"${kernel_mod_dir}" \ -v "${kernel_mod_dir}":"${kernel_mod_dir}" \
$docker_run_args \ $docker_run_args \
${image_name} \ ${image_name} \
bash /osbuilder/rootfs.sh "${distro}" bash /kata-containers/tools/osbuilder/rootfs-builder/rootfs.sh "${distro}"
exit $?
fi fi
build_rootfs ${ROOTFS_DIR}
} }
# Used to create a minimal directory tree where the agent can be instaleld. # Used to create a minimal directory tree where the agent can be instaleld.
@ -560,17 +545,15 @@ EOT
# The PATH /.cargo/bin is apparently wrong # The PATH /.cargo/bin is apparently wrong
# looks like $HOME is resolved to empty when # looks like $HOME is resolved to empty when
# container is started # container is started
source "${HOME}/.cargo/env" test -r "${HOME}/.cargo/env" && source "${HOME}/.cargo/env" || true
# rust agent needs x86_64-unknown-linux-musl
bash ${script_dir}/../../../ci/install_rust.sh
agent_pkg="${RUST_AGENT_PKG}" agent_pkg="${RUST_AGENT_PKG}"
agent_dir="${GOPATH_LOCAL}/src/${RUST_AGENT_PKG}/src/agent" agent_dir="${script_dir}/../../../src/agent/"
# For now, rust-agent doesn't support seccomp yet. # For now, rust-agent doesn't support seccomp yet.
SECCOMP="no" SECCOMP="no"
fi fi
info "Pull Agent source code"
go get -d "${agent_pkg}" || true
OK "Pull Agent source code"
info "Build agent" info "Build agent"
pushd "${agent_dir}" pushd "${agent_dir}"
[ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || info "checkout failed!" [ -n "${AGENT_VERSION}" ] && git checkout "${AGENT_VERSION}" && OK "git checkout successful" || info "checkout failed!"
@ -624,18 +607,10 @@ parse_arguments()
distro="$1" distro="$1"
arch=$(uname -m) arch=$(uname -m)
if [ "${distro}" == "alpine" ]; then
if [ "${RUST_AGENT}" == "yes" ]; then
die "rust agent cannot be built on ${distro}.
alpine: only has stable/nightly-x86_64-unknown-linux-musl toolchain. It does not support proc-macro compilation.
See issue: https://github.com/kata-containers/osbuilder/issues/386"
fi
fi
if [ "${RUST_AGENT}" == "yes" ] && [ "${arch}" == "s390x" ]; then if [ "${RUST_AGENT}" == "yes" ] && [ "${arch}" == "s390x" ]; then
die "Cannot build rust agent on ppc64le. die "Cannot build rust agent on s390x
musl cannot be built on ppc64le because of long double musl cannot be built on s390x because of long double
reprentation is broken. And rust has no musl target on ppc64le. reprentation is broken. And rust has no musl target on s390x.
See issue: https://github.com/kata-containers/osbuilder/issues/388" See issue: https://github.com/kata-containers/osbuilder/issues/388"
fi fi
} }
@ -673,8 +648,10 @@ main()
prepare_overlay prepare_overlay
fi fi
if [ "$STAGE_PREPARE_ROOTFS" == "" ]; then
init="${ROOTFS_DIR}/sbin/init" init="${ROOTFS_DIR}/sbin/init"
setup_rootfs setup_rootfs
fi
} }
main $* main $*

10
tools/osbuilder/scripts/lib.sh
View File

@ -7,15 +7,11 @@
set -e set -e
KATA_REPO=${KATA_REPO:-github.com/kata-containers/kata-containers} KATA_REPO=${KATA_REPO:-github.com/kata-containers/kata-containers}
KATA_REPO_DIR="${GOPATH}/src/${KATA_REPO}"
CMAKE_VERSION=${CMAKE_VERSION:-"null"} CMAKE_VERSION=${CMAKE_VERSION:-"null"}
MUSL_VERSION=${MUSL_VERSION:-"null"} MUSL_VERSION=${MUSL_VERSION:-"null"}
#https://github.com/kata-containers/tests/blob/master/.ci/jenkins_job_build.sh
# Give preference to variable set by CI # Give preference to variable set by CI
KATA_BRANCH=${branch:-} yq_file="${script_dir}/../../../ci/install_yq.sh"
KATA_BRANCH=${KATA_BRANCH:-master} kata_versions_file="${script_dir}/../../../versions.yaml"
yq_file="${script_dir}/../scripts/install-yq.sh"
kata_versions_file="${KATA_REPO_DIR}/versions.yaml"
error() error()
{ {
@ -199,7 +195,7 @@ create_summary_file()
if [ "${RUST_AGENT}" == "no" ]; then if [ "${RUST_AGENT}" == "no" ]; then
agent_version=$("$agent" --version|awk '{print $NF}') agent_version=$("$agent" --version|awk '{print $NF}')
else else
local -r agentdir="${GOPATH}/src/${KATA_REPO}/src/agent" local -r agentdir="${script_dir}/../../../"
agent_version=$(cat ${agentdir}/VERSION) agent_version=$(cat ${agentdir}/VERSION)
fi fi

1
tools/packaging/kernel/configs/fragments/whitelist.conf
View File

@ -7,3 +7,4 @@ CONFIG_NF_NAT_PROTO_GRE
CONFIG_NF_NAT_PROTO_SCTP CONFIG_NF_NAT_PROTO_SCTP
CONFIG_NF_NAT_PROTO_UDPLITE CONFIG_NF_NAT_PROTO_UDPLITE
CONFIG_REFCOUNT_FULL CONFIG_REFCOUNT_FULL
CONFIG_MEMCG_SWAP_ENABLED

10
tools/packaging/obs-packaging/kata-containers-image/build_image.sh
View File

@ -28,10 +28,6 @@ trap exit_handler EXIT
arch_target="$(uname -m)" arch_target="$(uname -m)"
source "${script_dir}/../versions.txt" source "${script_dir}/../versions.txt"
# osbuilder info
[ -n "${osbuider_version}" ] || osbuider_version="${kata_version}"
# Agent version
[ -n "${agent_version}" ] || agent_version="${kata_version}"
readonly destdir="${PWD}" readonly destdir="${PWD}"
@ -59,9 +55,9 @@ create_tarball() {
agent_sha=$(get_repo_hash "${script_dir}") agent_sha=$(get_repo_hash "${script_dir}")
#reduce sha size for short names #reduce sha size for short names
agent_sha=${agent_sha:0:${short_commit_length}} agent_sha=${agent_sha:0:${short_commit_length}}
tarball_name="kata-containers-${osbuider_version}-${agent_sha}-${arch_target}.tar.gz" tarball_name="kata-containers-${kata_version}-${agent_sha}-${arch_target}.tar.gz"
image_name="kata-containers-image_${img_distro}_${osbuider_version}_agent_${agent_sha}.img" image_name="kata-containers-image_${img_distro}_${kata_version}_agent_${agent_sha}.img"
initrd_name="kata-containers-initrd_${initrd_distro}_${osbuider_version}_agent_${agent_sha}.initrd" initrd_name="kata-containers-initrd_${initrd_distro}_${kata_version}_agent_${agent_sha}.initrd"
mv "${script_dir}/../../../osbuilder/kata-containers.img" "${image_name}" mv "${script_dir}/../../../osbuilder/kata-containers.img" "${image_name}"
mv "${script_dir}/../../../osbuilder/kata-containers-initrd.img" "${initrd_name}" mv "${script_dir}/../../../osbuilder/kata-containers-initrd.img" "${initrd_name}"

2
tools/packaging/obs-packaging/runtime/_service-template
View File

@ -3,7 +3,7 @@
<!--- OBS plugin tar_scm (Source control manager) --> <!--- OBS plugin tar_scm (Source control manager) -->
<service name="tar_scm"> <service name="tar_scm">
<param name="scm">git</param> <param name="scm">git</param>
<param name="url">https://github.com/kata-containers/runtime.git</param> <param name="url">https://github.com/kata-containers/kata-containers.git</param>
<param name="filename">kata-runtime</param> <param name="filename">kata-runtime</param>
<!--- versionformat defines the name of the tarball. --> <!--- versionformat defines the name of the tarball. -->
<param name="versionformat">@VERSION@</param> <param name="versionformat">@VERSION@</param>

2
tools/packaging/release/kata-deploy-binaries.sh
View File

@ -195,7 +195,7 @@ install_docker_config_script() {
#Install all components that are not assets #Install all components that are not assets
install_kata_components() { install_kata_components() {
kata_version=${1:-$kata_version} kata_version=${1:-$kata_version}
pushd "${script_dir}/../../../" pushd "${script_dir}/../../../src/runtime"
echo "Checkout to version ${kata_version}" echo "Checkout to version ${kata_version}"
git checkout "${kata_version}" git checkout "${kata_version}"
echo "Build" echo "Build"

6
tools/packaging/scripts/lib.sh
View File

@ -34,16 +34,14 @@ get_from_kata_deps() {
local dependency="$1" local dependency="$1"
BRANCH=${branch:-master} BRANCH=${branch:-master}
local branch="${2:-${BRANCH}}" local branch="${2:-${BRANCH}}"
local runtime_repo="github.com/kata-containers/kata-containers"
GOPATH=${GOPATH:-${HOME}/go} GOPATH=${GOPATH:-${HOME}/go}
local runtime_repo_dir="${GOPATH}/src/${runtime_repo}"
# For our CI, we will query the local versions.yaml file both for kernel and # For our CI, we will query the local versions.yaml file both for kernel and
# all other subsystems. eg: a new version of NEMU would be good to test # all other subsystems. eg: a new version of NEMU would be good to test
# through CI. For the kernel, .ci/install_kata_kernel.sh file in tests # through CI. For the kernel, .ci/install_kata_kernel.sh file in tests
# repository will pass the kernel version as an override to this function to # repository will pass the kernel version as an override to this function to
# allow testing of kernels before they land in tree. # allow testing of kernels before they land in tree.
if [ "${CI:-}" = "true" ] && [ -d "${runtime_repo_dir}" ]; then if [ "${CI:-}" = "true" ]; then
versions_file="${runtime_repo_dir}/versions.yaml" versions_file="${this_script_dir}/../../../versions.yaml"
else else
versions_file="versions-${branch}.yaml" versions_file="versions-${branch}.yaml"
fi fi

14
versions.yaml
View File

@ -114,7 +114,7 @@ assets:
description: | description: |
Root filesystem disk image used to boot the guest virtual Root filesystem disk image used to boot the guest virtual
machine. machine.
url: "https://github.com/kata-containers/osbuilder" url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture: architecture:
aarch64: aarch64:
name: "ubuntu" name: "ubuntu"
@ -135,7 +135,7 @@ assets:
description: | description: |
Root filesystem initrd used to boot the guest virtual Root filesystem initrd used to boot the guest virtual
machine. machine.
url: "https://github.com/kata-containers/osbuilder" url: "https://github.com/kata-containers/kata-containers/tools/osbuilder"
architecture: architecture:
aarch64: aarch64:
name: &default-initrd-name "alpine" name: &default-initrd-name "alpine"
@ -162,16 +162,6 @@ assets:
url: "https://gitlab.com/virtio-fs/linux.git" url: "https://gitlab.com/virtio-fs/linux.git"
tag: "kata-v5.6-april-09-2020" tag: "kata-v5.6-april-09-2020"
components:
description: "Core system functionality"
agent:
description: |
Container management service running in the guest virtual machines
root context.
url: "https://github.com/kata-containers/agent"
commit: "6f6e9ecd8aded0783c31968b304a9d6589114363"
externals: externals:
description: "Third-party projects used by the system" description: "Third-party projects used by the system"